ipxe is the preferred option for the network bootloader for automated bare metal provisioning. Increasingly customers are requesting support for UEFI Secure Boot to be enabled. However currently Secure Boot must be switched off during the provisioning process because the ipxe efi binaries are not signed.

This is a request for the ipxe efi files to be signed with pesign during packaging (like the grub2 package).

This would allow customers to include the Red Hat key in a custom Secure Boot policy and enable Secure Boot. It would also be the first step in getting the shim to somehow boot into ipxe instead of grub.